
Targeting an SSH-enabled system

For each system, add a target (Manage the system > Resources > Target systems):

  • Type is SSHD Host target system.

  • Address uses options described in the table below.

  • Set the administrator ID and Password to the login ID and password for the target system administrator you configured in Configuring a target system administrator.

    Table 1. SSHD Host target address configuration

    Option

    Description

    Options marked with a red star (*) are required.

    Script file *

    Must be set to the name of the file described in Writing a script.

    (key: script)

    Server *

    The IP address/domain name of the server.

    (key: server)

    Advanced

    Port

    TCP Port number. Default is 22.

    (key: port)

    Compression

    Select to enable data compression for SSH connections. Default is false.

    (key: compression)

    Action for host keys

    Select AllowAppend (default) or DenyUnmatch. For new targets, AllowAppend is recommended.

    • AllowAppend connects to SSH hosts whose public host keys have been previously recorded and have not been changed, and to SSH hosts whose keys have not been previously recorded. It will reject SSH hosts whose keys were previously recorded but have changed.

    • DenyUnmatch only connects to SSH hosts whose public host keys have been previously recorded and have not been changed. It will reject SSH hosts whose keys have not been previously recorded or were previously recorded but have changed.

      (key: hostkeys)

    Host keys file

    Specify the name of the public host key file. It must be located in the <Program Files path>\Bravura Security\Bravura Security Fabric\<instance>\script\ directory. Otherwise host keys are stored in the registry. It is recommended to keep this option unspecified.

    The file consists of a KVGroup with an entry that contains the host information as the key and the host key as the value. This information can be extracted from the PuTTY registry entries (HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys) where "Name" corresponds to the key and "Data" corresponds to the value.

    (key: file)

    Authentication key file

    Specify the file containing the client key to authenticate to the server if public key authentication is desired or required. It must be located in the <instancedir> directory.

    The SSH connector supports key files in the following formats:

    • The KVG or PuTTY format used by the sshkeygen utility and sshkeyconvert utility.

    • The private key format used by OpenSSH (a client and server suite, mostly encountered on UNIX systems)

    • The key file format used by PuTTY (a popular graphical SSH client for Windows, also available on UNIX)

      To connect to an SSH server using public key authentication, the public key given by an SSH key generator (such as the supplied sshkeygen, inside the KVG output under PublicKey, or the OpenSSH ssh-keygen, in the id_*sa.pub file) needs to be installed on the SSH server for the account to be targeted.

      (key: authkey)

    Timeout for connection

    Amount of time the connector will wait for a response.

    (key: timeout)

    Other settings

    Enter additional data to be passed into the script, in KVGroup format; for example {hostname=SSHHOST;}.



The SSH target system address syntax is entered as:

{[script=<ScriptFileName>;]server=<server>;[port=<port>;][compression=<true|false>;][hostKeys=<DenyUnmatch|AllowAppend>;][file=<FilePath>;][authkey=<AuthKeyPath>;]} 
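
The following Python sketch is an added example, not Bravura Security code: it parses address lines in the syntax above, applies the defaults from Table 1, and models the two host key actions so you can list which targets would connect to a host with no recorded key to compare against. The flat key=value; parsing, the case-insensitive key names, the (server, port) lookup and all sample values are assumptions or constructed placeholders.

```python
import re

DEFAULTS = {"port": "22", "compression": "false", "hostkeys": "AllowAppend"}
REQUIRED = ("script", "server")  # marked as required in Table 1

def parse_address(addr):
    """Parse a flat {key=value;...} address line and apply the table's defaults."""
    body = addr.strip()
    if not (body.startswith("{") and body.endswith("}")):
        raise ValueError("address must be wrapped in { }")
    # Assumption: flat key=value; pairs only, key names compared case-insensitively.
    pairs = re.findall(r"\s*(\w+)\s*=\s*([^;]*);", body[1:-1])
    cfg = {**DEFAULTS, **{k.lower(): v.strip() for k, v in pairs}}
    missing = [k for k in REQUIRED if not cfg.get(k)]
    if missing:
        raise ValueError("missing required key(s): " + ", ".join(missing))
    if cfg["hostkeys"] not in ("AllowAppend", "DenyUnmatch"):
        raise ValueError("hostkeys must be AllowAppend or DenyUnmatch")
    return cfg

def host_key_decision(policy, recorded_key, presented_key):
    """Outcome of a host key action; a recorded key is handled the same by both."""
    if recorded_key is not None:
        return "connect" if recorded_key == presented_key else "reject-changed"
    # No key on record: AllowAppend connects with nothing to compare against.
    return "connect-unverified" if policy == "AllowAppend" else "reject-unrecorded"

def audit(addresses, recorded, presented):
    """Map each target's server to its decision; stores are keyed by (server, port)."""
    report = {}
    for addr in addresses:
        cfg = parse_address(addr)
        ident = (cfg["server"], cfg["port"])
        report[cfg["server"]] = host_key_decision(
            cfg["hostkeys"], recorded.get(ident), presented.get(ident))
    return report

# Constructed sample data: host names, script name and key strings are placeholders.
ADDRESSES = [
    "{script=sample.psl;server=app01.example.test;}",
    "{script=sample.psl;server=db01.example.test;port=2222;hostKeys=DenyUnmatch;}",
    "{script=sample.psl;server=web01.example.test;hostKeys=AllowAppend;}",
]
RECORDED = {("web01.example.test", "22"): "KEY-A"}
PRESENTED = {("app01.example.test", "22"): "KEY-B",
             ("db01.example.test", "2222"): "KEY-C",
             ("web01.example.test", "22"): "KEY-Z"}

if __name__ == "__main__":
    print(audit(ADDRESSES, RECORDED, PRESENTED))
```

Targets reported as connect-unverified are the ones whose host key should be recorded and checked out of band before the first connection.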

Note

You can extend the address wizard by adding address line elements using the addressattrs function, as explained in PSLang Scripts for agtdos, agttelnet, and agtssh. This is useful when creating a scripted target system with a scripted platform definition file.